<?php
 require_once('inc/addons.php');
 require_once('inc/users.php');
 require_once('inc/functions.php');

 define('SUBPAGE', 'account');

 Users::startSession();

 if (Users::isLoggedIn()) {
  $user = Users::getUser();

  if (isset($_POST['addon_name']) && isset($_POST['addon_type'])) {
   $sql  = 'INSERT INTO addons (user_id, addon_title, addon_type) VALUES (';
   $sql .= $user->getUserID() . ', \'' . m($_POST['addon_name']) . '\', \'';
   $sql .= m($_POST['addon_type']) . '\')';
   mysql_query($sql) or die(mysql_error());

   $sql  = 'INSERT INTO versions (addon_id, version_stable, version_unstable) ';
   $sql .= 'VALUES (' . ($id = mysql_insert_id()) . ', 1, 1)';
   mysql_query($sql) or die(mysql_error());

   header('Location: /editaddon/' . $id);
   exit;
  }

  if (isset($_POST['submit']) && isset($_POST['email']) && isset($_POST['name'])) {
   //check data
   if ($user->getEmail() != $_POST['email']) {
    $sql = 'SELECT COUNT(*) FROM users WHERE user_email = \'' . m($_POST['email']) . '\'';
    $res  = mysql_query($sql) or die(mysql_error());
    $row = mysql_fetch_row($res);
    if ($row[0] == 0) {
     if (preg_match('/^[^@]+@[^@]+\.[a-z]+$/i', $_POST['email'])) {
      $sql = 'UPDATE users
      SET user_email=\'' . $_POST['email'] . '\'
      WHERE user_id=\'' . m($user->getUserID()) . '\'';
      $res  = mysql_query($sql) or die(mysql_error());
      $messages[] = 'Email updated.';
     } else {
      $messages[] = 'Email invalid.';
     }
    } else {
     $messages[] = 'Email address is already in use, please choose another.';
    }
   }
   if ($user->getDisplayName() != $_POST['name']) {
    if (strlen($_POST['name']) > 0) {
     $sql = 'UPDATE users
     SET user_displayName=\'' . $_POST['name'] . '\'
     WHERE user_id=\'' . m($user->getUserID()) . '\'';
     $res  = mysql_query($sql) or die(mysql_error());
     $messages[] = 'Username updated.';
    } else {
     $messages[] = 'Username invalid.';
    }
   }
  }
  if (isset($_POST['password']) && isset($_POST['password1']) && isset($_POST['password2'])) {
   //check password
   if (strlen($_POST['password1']) >= 6) {
    if ($_POST['password1'] == $_POST['password2']) {
     $sql = 'UPDATE users
     SET user_password=\'' .
     hash('sha512', strtolower($user->getUserName()) . $_POST['password1'] . '-addons')
     . '\' WHERE user_id=\'' . m($user->getUserID()) . '\'';
     $res  = mysql_query($sql) or die(mysql_error());
     $messages[] = 'Password changed.';
    } else {
     $messages[] = 'Passwords didnt match.';
    }
   } else {
    $messages[] = 'Password invalid, must be 6 or more characters.';
   }
  }
 }

 showHeader('My Account');

 if (Users::isLoggedIn()) {
  $user = Users::getUser();
  echo '      <h2>My Account ['.ucfirst($user->getLevel()).']</h2>'."\r\n";
  echo '      <p>Welcome, '.$user->getDisplayName().'.</p>'."\r\n";
  if (isset($messages)) {
   echo '      <ul>' . "\r\n";
   foreach ($messages as $message) {
    echo '<li>' . $message . '</li>';
   }
   echo '      </ul>' . "\r\n";
  }
  echo '      <form action="/account" method="post">' . "\r\n";
  echo '        <table>' . "\r\n";
  echo '           <tr>' . "\r\n";
  echo '             <td style="text-align: right;">Display name: </td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="text" name="name" value="' . $user->getDisplayName() . '" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr><tr>' . "\r\n";
  echo '             <td style="text-align: right;">Email: </td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="text" name="email" value="' . $user->getEmail() . '" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr><tr>' . "\r\n";
  echo '             <td></td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="submit" name="submit" value="Submit" />' . "\r\n";
  echo '               <input type="reset" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr>' . "\r\n";
  echo '        </table>' . "\r\n";
  if (!$user->isOpenID()) {
  echo '        <p>To change your password fill in the following details.</p>' . "\r\n";
  echo '      <form action="/account" method="post">' . "\r\n";
  echo '        <table>' . "\r\n";
  echo '           <tr>' . "\r\n";
  echo '             <td style="text-align: right;">New password: </td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="text" name="password1" value="" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr><tr>' . "\r\n";
  echo '             <td style="text-align: right;">Re-enter password: </td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="text" name="password2" value="" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr><tr>' . "\r\n";
  echo '             <td></td>' . "\r\n";
  echo '             <td>' . "\r\n";
  echo '               <input type="submit" name="password" value="Change password" />' . "\r\n";
  echo '             </td>' . "\r\n";
  echo '           </tr>' . "\r\n";
  echo '        </table>' . "\r\n";
  echo '      </form>' . "\r\n";
  }
  echo ' <h2>My addons</h2>';

  $sql  = 'SELECT addon_id, addon_type, addon_core, addon_title, user_displayname, ';
  $sql .= ' addon_rating, addon_verified FROM addons ';
  $sql .= 'NATURAL JOIN users WHERE user_id = ' . $user->getUserID();

  if ($user->getLevel() == 'developer' || $user->getLevel() == 'helper') {
   $dev  = true;
   $sql .= ' OR 1';
  } else {
   $dev  = false;
  }

  $res = mysql_query($sql);

  if (mysql_num_rows($res) == 0) {
   echo '<p style="font-style: italic;">You have not submitted any addons.</p>';
  } else {
   echo '<table style="width: 100%;">';
   echo '<tr><th>ID</th><th>Name</th><th>Type</th>';
   if ($dev) { echo '<th>User</th>'; }
   echo '<th>Core?</th><th>Verified?</th><th>Rating</th></tr>';

   while ($row = mysql_fetch_assoc($res)) {
             echo '<tr><td>', htmlentities($row['addon_id']), '</td><td>';
             echo '<a href="/editaddon/', htmlentities($row['addon_id']);
             echo '">', htmlentities($row['addon_title']), '</a></td><td>';
             echo htmlentities($row['addon_type']), '</td><td>';
             if ($dev) { echo htmlentities($row['user_displayname']), '</td><td>'; }
             echo htmlentities($row['addon_core']), '</td><td>';
             echo htmlentities($row['addon_verified']), '</td><td>';
             echo htmlentities($row['addon_rating']), '</td></tr>';
   }

   echo '</table>';
  }

  echo '<h3>Submit new addon</h3>';
  echo '<form action="/account" method="post">';
  echo '<label>Name: <input type="text" name="addon_name"></label>';
  echo '<label>Type: <select name="addon_type">';
  echo '<option value="plugin">Plugin</option><option value="action">Action Pack</option>';
  echo '<option value="theme">Theme</option></select></label>';
  echo '<input type="submit" value="Create">';
  echo '</form>';
 } else {
  show403();
 }

 showFooter();
?>
